Spaces:

RocketFarmStudios
/

CPS-API

Sleeping

App Files Files Community

Ali2206 commited on May 22, 2025

Commit

b84b4a7

verified ·

1 Parent(s): 14f392b

Update api/routes/auth.py

Browse files

Files changed (1) hide show

api/routes/auth.py +131 -88

api/routes/auth.py CHANGED Viewed

@@ -1,113 +1,156 @@
-from fastapi import APIRouter, Depends, HTTPException, status, Request
 from fastapi.security import OAuth2PasswordRequestForm
-from db.mongo import get_user_db
-from core.security import (
-    create_access_token,
-    verify_token,
-    get_password_hash,
-    verify_password
-)
-from models.schemas import (
-    TokenResponse,
-    UserCreate,
-    UserInDB,
-    UserResponse
-)
-from datetime import timedelta
 import logging
-from core.config import settings
-router = APIRouter()
 logger = logging.getLogger(__name__)
-@router.post("/login", response_model=TokenResponse)
-async def login(
-    request: Request,
-    form_data: OAuth2PasswordRequestForm = Depends()
 ):
-    logger.info(f"Login attempt from {request.client.host}")
-    user_db = await get_user_db()
-    user = await user_db.find_one({"email": form_data.username.lower()})
     if not user or not verify_password(form_data.password, user["password"]):
-        logger.warning(f"Failed login attempt for {form_data.username}")
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
-            detail="Incorrect email or password",
             headers={"WWW-Authenticate": "Bearer"},
         )
-    access_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
-    access_token = create_access_token(
-        data={"sub": user["email"], "role": user.get("role", "user")},
-        expires_delta=access_token_expires
-    )
-    logger.info(f"Successful login for {user['email']}")
     return {
         "access_token": access_token,
         "token_type": "bearer",
-        "expires_in": access_token_expires.total_seconds()
     }
-@router.post("/signup", response_model=UserResponse)
-async def signup(user_in: UserCreate):
-    logger.info(f"Signup attempt for {user_in.email}")
-    user_db = await get_user_db()
-    if await user_db.find_one({"email": user_in.email.lower()}):
-        logger.warning(f"Email already registered: {user_in.email}")
-        raise HTTPException(
-            status_code=status.HTTP_400_BAD_REQUEST,
-            detail="Email already registered"
-        )
-    hashed_password = get_password_hash(user_in.password)
-    db_user = UserInDB(
-        **user_in.dict(),
-        password=hashed_password,
-        role="user",
-        created_at=datetime.utcnow(),
-        updated_at=datetime.utcnow()
-    )
     try:
-        result = await user_db.insert_one(db_user.dict())
-        logger.info(f"User created: {user_in.email}")
-        return UserResponse(
-            id=str(result.inserted_id),
-            email=db_user.email,
-            full_name=db_user.full_name,
-            role=db_user.role
-        )
     except Exception as e:
-        logger.error(f"User creation failed: {str(e)}")
         raise HTTPException(
             status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
-            detail="User creation failed"
         )
-@router.get("/me", response_model=UserResponse)
-async def read_users_me(
-    request: Request,
-    current_user: UserInDB = Depends(verify_token)
-):
-    logger.info(f"User profile request for {current_user.sub}")
-    user_db = await get_user_db()
-    user = await user_db.find_one({"email": current_user.sub})
-    if not user:
-        logger.error(f"User not found: {current_user.sub}")
-        raise HTTPException(
-            status_code=status.HTTP_404_NOT_FOUND,
-            detail="User not found"
-        )
-    return UserResponse(
-        id=str(user["_id"]),
-        email=user["email"],
-        full_name=user.get("full_name", ""),
-        role=user.get("role", "user")
-    )

+from fastapi import APIRouter, HTTPException, Depends, status, Request
 from fastapi.security import OAuth2PasswordRequestForm
+from db.mongo import users_collection
+from core.security import hash_password, verify_password, create_access_token, get_current_user
+from models.schemas import SignupForm, TokenResponse, DoctorCreate
+from datetime import datetime
 import logging
+# Configure logging
+logging.basicConfig(
+    level=logging.INFO,
+    format='%(asctime)s - %(levelname)s - %(name)s - %(message)s'
+)
 logger = logging.getLogger(__name__)
+router = APIRouter()
+@router.post("/signup", status_code=status.HTTP_201_CREATED)
+async def signup(data: SignupForm):
+    logger.info(f"Signup attempt for email: {data.email}")
+    email = data.email.lower().strip()
+    existing = await users_collection.find_one({"email": email})
+    if existing:
+        logger.warning(f"Signup failed: Email already exists: {email}")
+        raise HTTPException(
+            status_code=status.HTTP_409_CONFLICT,
+            detail="Email already exists"
+        )
+    hashed_pw = hash_password(data.password)
+    user_doc = {
+        "email": email,
+        "full_name": data.full_name.strip(),
+        "password": hashed_pw,
+        "role": "patient",
+        "created_at": datetime.utcnow().isoformat(),
+        "updated_at": datetime.utcnow().isoformat()
+    }
+    try:
+        result = await users_collection.insert_one(user_doc)
+        logger.info(f"User created successfully: {email}")
+        return {
+            "status": "success",
+            "id": str(result.inserted_id),
+            "email": email
+        }
+    except Exception as e:
+        logger.error(f"Failed to create user {email}: {str(e)}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"Failed to create user: {str(e)}"
+        )
+@router.post("/admin/doctors", status_code=status.HTTP_201_CREATED)
+async def create_doctor(
+    data: DoctorCreate,
+    current_user: dict = Depends(get_current_user)
 ):
+    logger.info(f"Doctor creation attempt by {current_user.get('email')}")
+    if current_user.get('role') != 'admin':
+        logger.warning(f"Unauthorized doctor creation attempt by {current_user.get('email')}")
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Only admins can create doctor accounts"
+        )
+    email = data.email.lower().strip()
+    existing = await users_collection.find_one({"email": email})
+    if existing:
+        logger.warning(f"Doctor creation failed: Email already exists: {email}")
+        raise HTTPException(
+            status_code=status.HTTP_409_CONFLICT,
+            detail="Email already exists"
+        )
+    hashed_pw = hash_password(data.password)
+    doctor_doc = {
+        "email": email,
+        "full_name": data.full_name.strip(),
+        "password": hashed_pw,
+        "role": "doctor",
+        "specialty": data.specialty,
+        "license_number": data.license_number,
+        "created_at": datetime.utcnow().isoformat(),
+        "updated_at": datetime.utcnow().isoformat()
+    }
+    try:
+        result = await users_collection.insert_one(doctor_doc)
+        logger.info(f"Doctor created successfully: {email}")
+        return {
+            "status": "success",
+            "id": str(result.inserted_id),
+            "email": email
+        }
+    except Exception as e:
+        logger.error(f"Failed to create doctor {email}: {str(e)}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"Failed to create doctor: {str(e)}"
+        )
+@router.post("/login", response_model=TokenResponse)
+async def login(form_data: OAuth2PasswordRequestForm = Depends()):
+    logger.info(f"Login attempt for email: {form_data.username}")
+    user = await users_collection.find_one({"email": form_data.username.lower()})
     if not user or not verify_password(form_data.password, user["password"]):
+        logger.warning(f"Login failed for {form_data.username}: Invalid credentials")
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid credentials",
             headers={"WWW-Authenticate": "Bearer"},
         )
+    access_token = create_access_token(data={"sub": user["email"]})
+    logger.info(f"Successful login for {form_data.username}")
     return {
         "access_token": access_token,
         "token_type": "bearer",
+        "role": user.get("role", "patient")
     }
+@router.get("/me")
+async def get_me(request: Request, current_user: dict = Depends(get_current_user)):
+    logger.info(f"Fetching user profile for {current_user['email']}")
+    print(f"Headers: {request.headers}")
     try:
+        user = await users_collection.find_one({"email": current_user["email"]})
+        if not user:
+            logger.warning(f"User not found: {current_user['email']}")
+            raise HTTPException(
+                status_code=status.HTTP_404_NOT_FOUND,
+                detail="User not found"
+            )
+        response = {
+            "id": str(user["_id"]),
+            "email": user["email"],
+            "full_name": user.get("full_name", ""),
+            "role": user.get("role", "patient"),
+            "specialty": user.get("specialty"),
+            "created_at": user.get("created_at"),
+            "updated_at": user.get("updated_at")
+        }
+        logger.info(f"User profile retrieved for {current_user['email']}")
+        return response
     except Exception as e:
+        logger.error(f"Database error for user {current_user['email']}: {str(e)}")
         raise HTTPException(
             status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"Database error: {str(e)}"
         )
+# Export the router as 'auth' for api.__init__.py
+auth = router